
Dropbox used as malware hub to attack government agencies

Dropbox is being used as a hub for a remote access Trojan (RAT) that infiltrates company networks without detection.

Back in May, it was revealed that the malware had been used to attack a Taiwanese government agency.


The malware, known as the PlugX RAT, is the first attack to use the cloud service as a host for updates to a command and control centre.

The Trojan registers victims' keystrokes, opens remote shells and maps ports in a network so that further information can be stolen in later attacks. Once the command and control centre links have been set up, attackers can move without detection within an organisation's network.

The initial versions of PlugX were first discovered in 2008, but this is the first time that they have been implemented in this way. There is also another variant of PlugX that disrupts anti-virus systems and disguises itself within domains until it is ready for use by the attackers.

Dropbox has come under intense scrutiny recently with regard to its security protocols. Last month, it was found that links to malware were being hosted on the site, with criminals looking to exploit the Dropbox brand.

A recent survey (below) on cloud security also found that most enterprise businesses saw Dropbox as a security threat, something the brand is keen to dismiss.


"We will act quickly in response to abuse reports and are constantly improving how we detect and prevent Dropbox users from sharing spam, malware or phishing links," a company spokesperson told CloudPro.

"[We] will revoke the ability to share links from any accounts that violate our acceptable use policy."